laravelpusherpusher-js

Pusher service has allowed_origins?


is there any way to set "allowed_origins" for pusher service

https://pusher.com

Now anyone that know my "app_key" can connect to my socket server in pusher.com "app_key" is in socket request address in the browser console so its not secure !


Solution

  • That wouldn't make it more secure. It's probably why Pusher doesn't have a feature like that. A malicious actor could still easily send arbitrary header from any server and subscribe to a channel.

    If you are concerned about who can subscribe to a channel (e.g., you are broadcasting sensitive messages), you must use private channels.